Analysis
-
max time kernel
94s -
max time network
121s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
26/01/2024, 01:42
General
-
Target
760d23b3faaa09c480f5ece99a58ce49.dll
-
Size
112KB
-
MD5
760d23b3faaa09c480f5ece99a58ce49
-
SHA1
c420b0d0a51e56cac4fbb24d3f4fb23c31b1abe0
-
SHA256
4fb0a3bc69e28cbb418020d609344d3df117202b1add4db63e00802cc1b8be2d
-
SHA512
80a0c05ac2b86db3853defe887a8d5a2769b41c28357afa4fbbe9f0145ac77fab1271ab174c3c8c3ae03d51204a27763b007858e8dcc66aa9ae036b4fc345cd7
-
SSDEEP
1536:iko0WXKFhaCcArPH+uuZkMsIwS9B/3NRVjT07puERGV9Uzk+ORs0P0D:iR0WX6ha/oPHXuZz9FT07pZG3UERDE
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Drops file in Program Files directory 1 IoCs
-
Modifies registry class 4 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\760d23b3faaa09c480f5ece99a58ce49.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\760d23b3faaa09c480f5ece99a58ce49.dll2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
112KB
MD5760d23b3faaa09c480f5ece99a58ce49
SHA1c420b0d0a51e56cac4fbb24d3f4fb23c31b1abe0
SHA2564fb0a3bc69e28cbb418020d609344d3df117202b1add4db63e00802cc1b8be2d
SHA51280a0c05ac2b86db3853defe887a8d5a2769b41c28357afa4fbbe9f0145ac77fab1271ab174c3c8c3ae03d51204a27763b007858e8dcc66aa9ae036b4fc345cd7
-
Filesize
112KB